cy.utoke.b0tnet.com
43.153.106.5
Malicious Activity!
Public Scan
Effective URL: https://cy.utoke.b0tnet.com/bill
Submission: On November 24 via api from US — Scanned from US
Summary
TLS certificate: Issued by R3 on November 23rd 2023. Valid for: 3 months.
This is the only time cy.utoke.b0tnet.com was scanned on urlscan.io!
urlscan.io Verdict: Potentially Malicious
Targeting these brands: Cyprus Post (Transportation)

Domain & IP information
IP addresses and autonomous systems

Requests | IP address | AS (autonomous system) |
---|---|---|
1 | 2606:4700:3033::6815:436a | 13335 (CLOUDFLARENET) |
1 | 43.153.25.225 | 132203 (TENCENT-NET-AP-CN Tencent Building) |
13 | 43.153.106.5 | 132203 (TENCENT-NET-AP-CN Tencent Building) |

Domains grouped by ASN:
- ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN): hustink.online
- ASN132203 (TENCENT-NET-AP-CN Tencent Building, Kejizhongyi Avenue, CN): cy.utoke.b0tnet.com

Apex domains

Requests | Apex domain | Subdomains | Transfer |
---|---|---|---|
13 | b0tnet.com | cy.utoke.b0tnet.com | 240 KB |
1 | hustink.online | hustink.online (1 redirect) | 117 B |
1 | lihi.cc | lihi.cc (1 redirect) | 996 B |

Total: 13 requests across 3 apex domains.

Requests per domain

Requests | Domain | Requested by |
---|---|---|
13 | cy.utoke.b0tnet.com | cy.utoke.b0tnet.com |
1 | hustink.online | 1 redirect |
1 | lihi.cc | 1 redirect |

Total: 13 requests across 3 domains.
This site contains links to these domains:

- www.cypruspost.post
- www.cytacom.com
- www.facebook.com
- twitter.com
- www.instagram.com

Outbound links to the impersonated brand's own site and to social profiles are typical of cloned lure pages; none of these domains is itself an indicator.
TLS certificate

Subject | Issuer | Validity | Valid for |
---|---|---|---|
cy.utoke.ocry.com | R3 | 2023-11-23 - 2024-02-21 | 3 months (crt.sh) |

The listed subject (cy.utoke.ocry.com) is not the scanned hostname (cy.utoke.b0tnet.com). Only the subject name is shown here, so check the certificate's SAN list on crt.sh before treating this as a name mismatch. R3 is a Let's Encrypt intermediate and the certificate was issued the day before the scan; a valid certificate says nothing about the legitimacy of the site.
This page contains 1 frame:

- Primary page: https://cy.utoke.b0tnet.com/bill
- Frame ID: 65E8B8051055D773EDA37320D905DE45
- Requests: 13 HTTP requests in this frame
Page title: Αρχική Σελίδα (Home Page)
Detected technologies

- Vue.js (JavaScript frameworks); detected pattern: <[^>]+\sdata-v(?:ue)?-
- jQuery (JavaScript libraries); detected pattern: jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics

10 outgoing links (links going to different origins than the main page). Link titles as captured; four links carry no title:

- Αρχική Σελίδα (Home Page)
- €0.00
- Σύνδεση (Login)
- (untitled)
- Cytacom Solutions Ltd
- Δήλωση Ιδιωτικού Απορρήτου (Privacy Statement)
- Site Map
- (untitled)
- (untitled)
- (untitled)
Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

1. https://lihi.cc/bDYp4 (HTTP 302)
2. https://hustink.online/08ag2E (HTTP 302)
3. https://cy.utoke.b0tnet.com/bill (page URL)

Redirected requests: the primary request (see the HTTP transactions) carries this redirect chain, a lihi.cc short link, then a second-stage redirector on hustink.online, then the landing page.
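The chain above, reconstructed hop by hop as an added example (this is not urlscan.io's code). The walker follows one redirect at a time instead of letting an HTTP client auto-follow, so every intermediate host is recorded, and it handles both HTTP 3xx Location redirects and client-side meta-refresh redirects, with a hop cap and loop detection. `replay_fetch` is a constructed in-memory stand-in for a real client: it replays the two 302 hops from the report (with placeholder bodies, since the capture does not include the redirectors' response bodies) plus an invented `redirector.example` pair that exercises meta refresh and a loop. A live version would call `requests.get(url, allow_redirects=False, timeout=...)` from an isolated host. JavaScript-driven redirects (window.location assignments) cannot be seen this way; urlscan records them because it drives an instrumented browser.

```python
"""Hop-by-hop redirect walker for chains like lihi.cc -> hustink.online -> landing page.

Added example, not urlscan.io's code. `replay_fetch` is a constructed stand-in
for a real HTTP client so the walker runs offline.
"""
import re
from urllib.parse import urljoin, urlsplit

# Constructed capture. The two 302 hops and their Location targets are the ones
# recorded in the report's Page URL History; the bodies are placeholders. The
# redirector.example entries are invented to exercise meta refresh and loops.
CAPTURE = {
    "https://lihi.cc/bDYp4":
        (302, {"Location": "https://hustink.online/08ag2E"}, ""),
    "https://hustink.online/08ag2E":
        (302, {"location": "https://cy.utoke.b0tnet.com/bill"}, ""),
    "https://cy.utoke.b0tnet.com/bill":
        (200, {"Content-Type": "text/html"}, "<html>landing page</html>"),
    "https://redirector.example/a":
        (200, {}, '<html><head><meta content="0; url=/b" http-equiv="refresh"></head></html>'),
    "https://redirector.example/b":
        (301, {"Location": "/a"}, ""),
}


def replay_fetch(url):
    """Return (status, headers, body) for a URL from the constructed capture."""
    return CAPTURE.get(url, (404, {}, ""))


META_TAG = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)


def meta_refresh_target(body):
    """Target of a <meta http-equiv=refresh content="N; url=..."> tag, if any.
    Attribute order does not matter; the first refresh tag wins."""
    for tag in META_TAG.findall(body):
        if not re.search(r'http-equiv\s*=\s*["\']?refresh', tag, re.IGNORECASE):
            continue
        m = re.search(r'content\s*=\s*["\']?\s*\d+\s*;\s*url\s*=\s*([^"\'>\s]+)',
                      tag, re.IGNORECASE)
        if m:
            return m.group(1)
    return None


def next_hop(url, status, headers, body):
    """Return (how, absolute_target) if the response redirects, else None."""
    lowered = {k.lower(): v for k, v in headers.items()}   # header names are case-insensitive
    if 300 <= status < 400 and lowered.get("location"):
        return "HTTP %d" % status, urljoin(url, lowered["location"])
    target = meta_refresh_target(body)
    if target:
        return "meta refresh", urljoin(url, target)
    return None


def walk(url, fetch, max_hops=10):
    """Follow redirects one hop at a time. Returns (history, outcome): history is
    a list of (url, how_reached); outcome is 'landed', 'loop' or 'max hops'."""
    history = [(url, "start")]
    seen = {url}
    for _ in range(max_hops):
        hop = next_hop(url, *fetch(url))
        if hop is None:
            return history, "landed"
        how, target = hop
        history.append((target, how))
        if target in seen:          # A -> B -> A: stop instead of spinning
            return history, "loop"
        seen.add(target)
        url = target
    return history, "max hops"


def chain_hosts(history):
    """Distinct hostnames in traversal order: the list to review for blocking."""
    hosts = []
    for url, _ in history:
        host = urlsplit(url).hostname
        if host not in hosts:
            hosts.append(host)
    return hosts


if __name__ == "__main__":
    history, outcome = walk("https://lihi.cc/bDYp4", replay_fetch)
    for url, how in history:
        print(f"{how:12} {url}")
    print(outcome, chain_hosts(history))
```

Recording every hop matters for blocking decisions: the short link and the hustink.online redirector are the parts an attacker can swap cheaply, so a block list built only from the final landing host misses the next campaign that reuses the same redirector.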
13 HTTP transactions

# | Method / Protocol | Resource | Size / transferred | Type | MIME type |
---|---|---|---|---|---|
1 | GET H2 | cy.utoke.b0tnet.com/bill (primary request; carries the redirect chain) | 5 KB / 1 KB | Document | text/html |
2 | GET H2 | cy.utoke.b0tnet.com/assets/f6170fbbJ36E5.css | 908 B / 1 KB | Stylesheet | text/css |
3 | GET H2 | cy.utoke.b0tnet.com/admin/base64.min.js | 5 KB / 2 KB | Script | application/javascript |
4 | GET H2 | cy.utoke.b0tnet.com/admin/jquery.min.js | 88 KB / 34 KB | Script | application/javascript |
5 | GET H2 | cy.utoke.b0tnet.com/admin/zero.min.js | 3 KB / 2 KB | Script | application/javascript |
6 | GET H2 | cy.utoke.b0tnet.com/assets/df8f8472J36E5.css | 318 KB / 67 KB | Stylesheet | text/css |
7 | GET H2 | cy.utoke.b0tnet.com/assets/4cd1ec68J36E5.css | 323 B / 497 B | Stylesheet | text/css |
8 | GET H2 | cy.utoke.b0tnet.com/assets/e9841a77J36E5.css | 389 B / 563 B | Stylesheet | text/css |
9 | GET H2 | cy.utoke.b0tnet.com/layout/images/42.jpg | 11 KB / 11 KB | Image | image/jpeg |
10 | GET H2 | cy.utoke.b0tnet.com/assets/258c8261J36E5.woff2 | 9 KB / 9 KB | Font | application/octet-stream |
11 | GET H2 | cy.utoke.b0tnet.com/assets/fe185d11J36E5.woff2 | 18 KB / 18 KB | Font | application/octet-stream |
12 | GET H2 | cy.utoke.b0tnet.com/assets/441e2360J36E5.woff2 | 18 KB / 18 KB | Font | application/octet-stream |
13 | GET H2 | cy.utoke.b0tnet.com/assets/2adefcbcJ36E5.woff2 | 75 KB / 76 KB | Font | application/octet-stream |

All 13 transactions go to the landing host; the lihi.cc and hustink.online hops appear only as redirects on the primary request. The three scripts are served from /admin/ rather than /assets/, and zero.min.js shares its name with the zeroSendMsg global listed under JavaScript Global Variables.
Verdicts & Comments

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!
urlscan: Phishing against: Cyprus Post (Transportation)

19 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

Type | Name |
---|---|
object | documentPictureInPicture |
object | Base64 |
function | $ |
function | jQuery |
object | _0x3970 |
function | _0x1db2 |
object | ws |
undefined | zeroSendMsg |
undefined | call |
object | params |
boolean | lockReconnect |
number | active |
string | uuid |
string | page |
object | heartCheck |
function | createWebSocket |
function | initEventHandle |
function | sendWithMsg |
function | reconnect |

Reading the list: $ and jQuery come from jquery.min.js and Base64 from base64.min.js. _0x3970 (an object) and _0x1db2 (a function) follow the _0x<hex> naming that javascript-obfuscator produces, typically for its string array and the lookup function that decodes it. ws, createWebSocket, heartCheck, reconnect, lockReconnect, sendWithMsg and initEventHandle together describe a reconnecting WebSocket client with a heartbeat, which matches the wss cookie below. documentPictureInPicture is a browser-provided API object in current Chrome, not something the page defined.

8 Cookies
Cookies are small pieces of information stored in the user's browser. Whenever the user visits the site again, the browser sends the cookie values along, which lets the website re-identify the user even from a different location. This is how persistent logins work.

Domain/Path | Name | Value (as captured, URL-encoded; no expiry was recorded for any entry) |
---|---|---|
lihi.cc/ | redirect_id | eyJpdiI6Im9kR3djellBWExiUGtUZkl6a2hub0E9PSIsInZhbHVlIjoiV3R6VVhrdmZyKzduNEk3SnhMbHdpYTdJQXZKaTZWeXlGa2dZQ0ZreWR4eTIxQ3hcL0p6SXVOb0lCN2psOWFRYmQiLCJtYWMiOiJkMmI4MWFjYjcwOWEwMGRiY2QxNmFhMjY5NTcxYWIxNzU1M2ZiNDY1NmZhOWE1MzIwMjVjOGIyNGRiY2JmMmE3In0%3D |
lihi.cc/ | lihi_session | eyJpdiI6Ik1LN3pUXC82OW0rWmJCMXBoQU45MzNRPT0iLCJ2YWx1ZSI6IjFMQVJOakZvNHA2YnRZXC8zSnh0anFtdXhQS3VJY3hFQmxBV0E5M0dQTkVpRGt6dGJmc2QrUUhTTm51OTJnVWRkIiwibWFjIjoiMGY5ZjllYzQwZTVlMDY0NzBkNDdkZWZmNWFkN2I1Y2UwNDQxZDMwOWZjZDMyNTIxYTZiNzA0ZDU2NDNmZWM2NSJ9 |
cy.utoke.b0tnet.com/ | uv | 67bba0fc7d407ccfe5ec21c3aed4e677 |
cy.utoke.b0tnet.com/ | wss | wss%3A%2F%2Fcy.utoke.b0tnet.com%2Fwss |
cy.utoke.b0tnet.com/ | maxClick | 1000 |
cy.utoke.b0tnet.com/ | change | 1 |
cy.utoke.b0tnet.com/ | heatBeat | 25 |
cy.utoke.b0tnet.com/ | errorLink | https%3A%2F%2Fgoogle.com |

The two lihi.cc values are base64-encoded JSON objects with iv, value and mac fields, the envelope Laravel uses for encrypted cookies; their contents are encrypted with the shortener's application key and cannot be recovered from the capture. The six landing-host cookies are plaintext and read as client configuration: the WebSocket endpoint (wss://cy.utoke.b0tnet.com/wss after URL-decoding), https://google.com as the fallback target on error, and maxClick=1000 and heatBeat=25, whose names suggest a click cap and a heartbeat interval (units are not captured).
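The following script is an added example, not part of the urlscan.io report or of the kit it captured. It takes the eight cookie values and the nineteen global names exactly as listed above (copied into the script as constructed input), decodes the two lihi.cc values as Laravel-style encrypted-cookie envelopes to confirm their layout without needing the key, URL-decodes the plaintext landing-host cookies, and combines both listings into a small triage fingerprint. The classification rules (the `_0x` identifier regex and the set of WebSocket-client names) are the editor's own heuristics, not a published signature.

```python
"""Triage of the cookie and window-global listings for this scan.

Added example: this is not code from urlscan.io or from the captured kit.
The cookie values and global names are copied from the report above; the
classification rules are the editor's own heuristics.
"""
import base64
import json
import re
from urllib.parse import unquote

LANDING = "cy.utoke.b0tnet.com"

# Constructed from the report's Cookies table: (domain, name, raw value).
COOKIES = [
    ("lihi.cc", "redirect_id", "eyJpdiI6Im9kR3djellBWExiUGtUZkl6a2hub0E9PSIsInZhbHVlIjoiV3R6VVhrdmZyKzduNEk3SnhMbHdpYTdJQXZKaTZWeXlGa2dZQ0ZreWR4eTIxQ3hcL0p6SXVOb0lCN2psOWFRYmQiLCJtYWMiOiJkMmI4MWFjYjcwOWEwMGRiY2QxNmFhMjY5NTcxYWIxNzU1M2ZiNDY1NmZhOWE1MzIwMjVjOGIyNGRiY2JmMmE3In0%3D"),
    ("lihi.cc", "lihi_session", "eyJpdiI6Ik1LN3pUXC82OW0rWmJCMXBoQU45MzNRPT0iLCJ2YWx1ZSI6IjFMQVJOakZvNHA2YnRZXC8zSnh0anFtdXhQS3VJY3hFQmxBV0E5M0dQTkVpRGt6dGJmc2QrUUhTTm51OTJnVWRkIiwibWFjIjoiMGY5ZjllYzQwZTVlMDY0NzBkNDdkZWZmNWFkN2I1Y2UwNDQxZDMwOWZjZDMyNTIxYTZiNzA0ZDU2NDNmZWM2NSJ9"),
    (LANDING, "uv", "67bba0fc7d407ccfe5ec21c3aed4e677"),
    (LANDING, "wss", "wss%3A%2F%2Fcy.utoke.b0tnet.com%2Fwss"),
    (LANDING, "maxClick", "1000"),
    (LANDING, "change", "1"),
    (LANDING, "heatBeat", "25"),
    (LANDING, "errorLink", "https%3A%2F%2Fgoogle.com"),
]

# Constructed from the report's JavaScript Global Variables listing.
GLOBALS = [
    "documentPictureInPicture", "Base64", "$", "jQuery", "_0x3970", "_0x1db2",
    "ws", "zeroSendMsg", "call", "params", "lockReconnect", "active", "uuid",
    "page", "heartCheck", "createWebSocket", "initEventHandle", "sendWithMsg",
    "reconnect",
]

# Identifier shape produced by javascript-obfuscator's hexadecimal name generator.
OBFUSCATED = re.compile(r"^_0x[0-9a-f]{3,8}$")
# Globals that together describe a reconnecting WebSocket client (editor's list).
WS_CLIENT = {"ws", "createWebSocket", "heartCheck", "reconnect",
             "lockReconnect", "sendWithMsg", "initEventHandle"}
# 64 hex characters = 32 bytes, the size of an HMAC-SHA256 tag.
HMAC_SHA256_HEX = re.compile(r"^[0-9a-f]{64}$")


def decode_envelope(raw):
    """Inspect `raw` as a base64 JSON {iv, value, mac} envelope, the layout
    Laravel's Encrypter uses for encrypted cookies. Returns the envelope's
    field sizes, or None if `raw` is not shaped like that. The ciphertext
    needs the application key, so only the structure is checked here."""
    try:
        obj = json.loads(base64.b64decode(unquote(raw), validate=True))
        if not (isinstance(obj, dict) and {"iv", "value", "mac"}.issubset(obj)):
            return None
        iv = base64.b64decode(obj["iv"], validate=True)
        ciphertext = base64.b64decode(obj["value"], validate=True)
    except (ValueError, TypeError):   # bad base64, bad JSON, or wrong field type
        return None
    mac = obj["mac"]
    return {
        "iv_len": len(iv),                  # 16 for an AES-CBC IV
        "ct_len": len(ciphertext),          # a multiple of the 16-byte block
        "mac_is_hmac_sha256_hex": isinstance(mac, str) and bool(HMAC_SHA256_HEX.match(mac)),
        "has_gcm_tag": "tag" in obj,        # newer Laravel payloads add this key
    }


def kit_config(cookies, landing=LANDING):
    """Plaintext cookies set by the landing host, URL-decoded."""
    return {name: unquote(raw) for domain, name, raw in cookies
            if domain == landing and decode_envelope(raw) is None}


def fingerprint(globals_, cookies):
    """Combine the two listings into a report a triager can act on."""
    cfg = kit_config(cookies)
    endpoint = cfg.get("wss", "")
    ws_globals = sorted(set(globals_) & WS_CLIENT)
    return {
        "obfuscated_globals": sorted(g for g in globals_ if OBFUSCATED.match(g)),
        "ws_client_globals": ws_globals,
        "ws_endpoint": endpoint,
        "ws_on_landing_host": endpoint.startswith("wss://" + LANDING + "/"),
        "heartbeat": cfg.get("heatBeat"),   # raw value; units are not captured
        "error_fallback": cfg.get("errorLink"),
        "encrypted_cookies": [name for domain, name, raw in cookies
                              if decode_envelope(raw) is not None],
        # Heuristic: obfuscated code plus a reconnecting WebSocket client pointed
        # at the page's own host is the behaviour worth alerting on.
        "likely_ws_backchannel": endpoint.startswith("wss://") and len(ws_globals) >= 3,
    }


if __name__ == "__main__":
    for domain, name, raw in COOKIES:
        print(f"{domain:22} {name:13} {decode_envelope(raw) or unquote(raw)}")
    print(json.dumps(fingerprint(GLOBALS, COOKIES), indent=2))
```

Two things the output makes visible that the raw listing does not: both lihi.cc envelopes carry a 16-byte IV, 48 bytes of ciphertext and a 64-hex-character MAC, so they are framework session state on the shortener and not kit data; and the wss endpoint is on the landing host itself, which is the connection to watch for or block at the proxy, independent of whatever the obfuscated script does with it.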
Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

- cy.utoke.b0tnet.com
- hustink.online
- lihi.cc
- 2606:4700:3033::6815:436a
- 43.153.106.5
- 43.153.25.225

Before blocking any of these: 2606:4700:3033::6815:436a is a Cloudflare anycast address shared by many unrelated sites, and lihi.cc is a link-shortening service used by many unrelated sites, so block the specific short link rather than the service. hustink.online and cy.utoke.b0tnet.com, with their Tencent-hosted addresses, are the parts specific to this campaign.